Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MySQL Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2009-4030 - Vulnerability Database
MySQL

MySQL Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2009-4030

Medium
Reference: CVE-2009-4030
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-4030
Title: MySQL Improper Link Resolution Before File Access (Link Following) Vulnerability
Overview:

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.